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(54) Embedding authentication information into an image 

(57) A digital camera has means to authentication 
information into a photographed image for detecting the 
identity of the image. The authentication information 
supplied integrally with the image data, so that, the ver- 
ifier can verify the image data without saving the authen- 
tication information. This is achieved by having a region 
dividing unit 24 for dividing the image into a first image 
region and a second image region in response to the 
digital signal, authentication information generating 
means 29 for generating authentication information 
from data in the first image region, encrypting means 30 
for encrypting the authentication information, hiding 
means 25 for embedding the encrypted authentication 
information into the second image region by operating 
the data in the second image region, and region com- 
bining means 26 for combining the first image region in 
the image with the second image region in which the 
authentication information is embedded. 
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Description 

The present invention relates to a system for em- 
bedding a digest of an image, and particularly to a digital 
camera in which the authentication information of a pho- s 
tographed image is added to the image. 

Recently, the digrtal camera has been rapidly com- 
ing into wide use. The digital camera is used to photo- 
graph a scene or the like and store it in a memory card 
or the like as digital data. The reason for the rapid wide 10 
use of the digital camera naturally resides in the reduc- 
tion of the main unit's price and its excellent portability, 
but it is more important that the taken photograph can 
be held as a digital image. Digital data can easily be 
processed by a computer or the like with respect to its is 
contents, and can easily be distributed through a net- 
work or the like. Accordingly, it is expected that the need 
for the digital camera which can simply provide such dig- 
ital image will increasingly grow in the future. 

On the other hand, since digital data is susceptible 20 
to alteration, such as being combined with other digital 
data without any sign that this has happened, the relia- 
bility of a photographed digital image as evidence may 
raise a problem. Such a problem may not often occur in 
photographs taken as a hobby by general users, but it 2S 
can become significant in the photograph taking for 
business purpose. For instance, there are cases in 
which a digital camera is used to provide a record of 
construction work, and in which a photographed digital 
image is sent or received between the owner and the 30 
contractor through a network. In these cases, the iden- 
tity of the contents of the photographed digital image 
must be detected before the digrtal image can exhibit 
the function as photographic evidence. 

Thus, there are large demands on a digital camera 35 
which can add authentication information on the identity 
of the photographed digital image. 

Figure 1 is a block diagram of the image processing 
system of the conventional digital camera. A photo- 
graphed object is converted to an electric analogue sig- 40 
nal by a CCD 12 through an optical system 11. This sig- 
nal is processed by a signal processing unit 1 3, and out- 
putted as image data D which is a digital signal. The 
generated image data D is inputted to a digest calculat- 
ing unit 14. The digest calculating unit 14 calculates a 
hash value H of the data of the whole image. The hash 
value is a value (digest) uniquely determined by a cal- 
culation based on the image data and showing the char- 
acteristics of the image. The hash value H as a digest 
depends on the image contents. An encrypting unit 15 so 
encrypts the hash value H using a secret key SK, and 
outputs an encrypted hash value H'. This encrypted 
hash value H' is authentication information, which is at- 
tached as a file separate from the image data D. 

To determine whether image data is the same as ss 
the original image data, in other words, whether the im- 
age data has been altered, the following kinds of infor- 
mation are required. 



(1) Image data 

(2) Authentication information (attached to the im- 
age data as a separate fife) 

(3) Public key PK corresponding to the secret key 
(separately acquired from a person in authority) 

To detect alterations, a hash value H-, of the image 
data to be subjected to alteration detection is calculated. 
Then, a hash value H 2 is identified from the authentica- 
tion information in the attached file. Since the authenti- 
cation information is obtained by encrypting the hash 
value H of the original image D by the secret key SK 
(hash value FT), the hash value H 2 cannot be identified 
by the authentication information itself. Thus, the public 
key PK is acquired from a person in authority who is 
keeping the public key PK corresponding to the secret 
key SK, and the authentication information is decoded 
based on this. Then, the obtained hash value H 2 is com- 
pared with the calculated hash value H v If the image as 
the object to be subjected to the alteration detection is 
the same as the original image D, the values of both 
must be the same. It is because the hash value as a 
digest must have a different value if the image contents 
are different. Accordingly, if the hash values are the 
same, it is determined that the identity is detected; oth- 
erwise it is determined that there has been an alteration. 

As described above, in the identification detection 
in the background art, authentication information is at- 
tached separately from image data, and the alteration 
detection is performed on the assumption that the au- 
thentication information is attached when the verifica- 
tion is carried out. Accordingly, in the absence of the au- 
thentication information, the verification cannot be made 
any more. Thus the verifier must pay close attention to 
the storage and management of the authentication in- 
formation. 

Accordingly, it is an object of the present invention 
to propose a novel system in which authentication infor- 
mation can be supplied integrally with image data. 

Further, it is another object of the present invention 
to enable image data to be verified without requiring the 
storage of authentication information by the verifier. 

Furthermore, it is another object of the present in- 
vention to embed authentication information into an im- 
age without degrading the picture quality of image data. 

To solve the above problems, the first invention pro- 
vides a system for embedding authentication informa- 
tion into one means of an image, the system having re- 
gion dividing means for dividing the image into a first 
image region and a second image region, authentication 
information generating means for generating the au- 
thentication information from data in the first image re- 
gion, hiding means for embedding the authentication in- 
formation into the second image region by operating the 
data in the second image region, and region combining 
means for combining the first image region in the image 
with the second image region in which the authentica- 
tion information is embedded. 
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The second invention provides an image alteration 
detecting system having region identifying means for 
identifying a first image region and a second image re- 
gion in an image, the second image region including in- 
formation embedded by operating data, authentication 
information generating means for generating first au- 
thentication information from data in the first image re- 
gion, extracting means for extracting second authenti- 
cation information from the second image region, and 
alteration detecting means for determining, if the first au- 
thentication information is the same as the second au- 
thentication information, that there is no alteration in the 
image, and determining, if they are not the same, that 
there is alteration in the image. 

The third invention provides a method for embed- 
ding authentication information into one means of an im- 
age, the method having a step of dividing the image into 
a first image region and a second image region, a step 
of generating the authentication information from data 
in the first image region, a step of embedding the au- 
thentication information into the second image region by 
operating data in the second image region, and a step 
of combining the first image region in the image with the 
second image region in which the authentication infor- 
mation is embedded. 

The fourth invention provides an alteration detect- 
ing method for the identity of an image, the method hav- 
ing a step of identifying af irst image region and a second 
image region in the image the second image region in- 
cluding information embedded by operating data, a step 
of generating first authentication information from data 
in the first image region, a step of extracting second au- 
thentication information from the second image region 
and a step of determining, if the first authentication in- 
formation is the same as the second authentication in- 
formation, that there is no alteration in the image. 

In such construction the (second) authentication in- 
formation is embedded into the second image region. 
The (second) authentication information is information 
for detecting the identity of the image : which uniquely 
depends on the contents of the first image region. 

If there is alteration in the data in the first image re- 
gion, the first authentication information generated 
based on the altered data has a value different from the 
second authentication information embedded in the 
second image region. Accordingly, by extracting the 
second authentication information embedded in the 
second image region, and comparing it with the first au- 
thentication information newly generated from the first 
image region, a verification can be made as to whether 
or not the image has alteration. 

How the invention may be carried out will now be 
described by way of example only and with reference to 
the accompanying drawings in which: 
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Figure 2 is a block diagram of the image processing 
system of the digital camera in the embodiment; 

Figure 3 is a block diagram of the system for detect- 
ing the identity of an image in the embodiment; 

Figure 4 is a block diagram of the system for detect- 
ing the identity of an image in the embodiment; and 

Figure 5 is a figure for explaining the data hiding 
and extraction using the PBC. 



Figure 2 is a block diagram of the image processing 
system of the digital camera in this embodiment. A pho- 
ts tographed object is connected to an electric analogue 
signal by a CCD 22 through an optical system. This sig- 
nal is processed by an image processor 27 having a sig- 
nal processing unit 23, a region dividing unit 24, a hiding 
unit 25, and a region combining unit 26, and it is output- 
20 ted as image data D' which is a digital signal, and stored 
in a memory 28 such as a memory card: Since this im- 
age data D' includes a hash value embedded in a pre- 
determined image region in image data D by the hiding 
unit 25, it is not completely the same data as the image 
25 data D though the difference cannot be visually discrim- 
inated. 

The image data D, the output of the signal process- 
ing unit 23, is cut into two regions by the region dividing 
unit 24. Figure 3 is a conceptual view for explaining the 
30 division and combination of the image regions. An image 
D as in (a) of the same figure is divided into an image 
region D-, giving an input value for generating a hash val- 
ue, and an image region D 2 into which the generated 
hash value H is embedded (refer to (b) of the same fig- 
35 ure). In this embodiment, the image region D 2 is formed 
by 40 x 40 pixels in the lower-right corner of the image, 
and ideally, information of 1 60 bits can be embedded in it. 

The image region D n divided by the region dividing 
unit 24 is inputted to a digest calculating unit 29 as an 
40 authentication information generating unit. The digest 
calculating unit 29 calculates the hash value H of the 
data in the whole isolated image region D v 

The hash value is a digest which shows the char- 
acteristics of the image by a calculation based on the 
45 image data. The digest is an abstract showing the char- 
acteristics of the image data, and the hash value H is 
characterised by sensitively reacting even to change of 
one pixel in the image contents and changing to a com- 
pletely different value. Accordingly, it can be considered 
so that it is a numeric value which has a one-to-one rela- 
tionship especially with natural image data. 

The hash value H is specifically expressed by the 
following equation. 
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Figure 1 is a block diagram of the image processing 
system of the conventional digital camera and has 
already been described; 



Equation 1 
H=H1 (d[0y/d[1l//d[2]//...//d[I]) 
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In the above equation, H n is ajiash function. An op- 
eratorV/ 0 means the connection of each element of a 
message array. Further, d[i] indicates each pixel value 
contained in the image region D v The concrete calcu- 
lation for this may be, for instance, exclusive OR of the 
data belonging to array elements. However, if exclusive 
OR is used, the sequence of the message array values 
is not reflected upon the calculation result. For instance, 
by using a method called CRC (Cyclic Redundancy 
Check), the sequence relationships can be reflected. 
This algorithm is one of the algorithms for calculating a 
check sum, and generates an output depending on the 
contents of data trains and the sequence of the data 
trains. 

This hash function H-, is a function for calculating 
tor an input (array value d[i]) having a byte length of B m 
bytes, an output (hash value) having a different byte 
length K. Since this function is a uni-directional function, 
it is effectively impossible to estimate xfrom y in H(x)=y. 
The hash value is merely used as the initial value for 
data hiding, and it is only needed that a different output 
is effectively ensured for a different input. Thus, the hash 
value itself has no special meaning. The important thing 
is that a value representing the characteristics of an ar- 
ray is outputted by its calculation, namely, the hash val- 
ue is uniquely determined based on the contents of the 
whole array elements and that value differs depending 
on the contents of the whole array. 

An encrypting unit 30 uses a secret key SK to en- 
crypt the hash value H, and outputs an encrypted hash 
value H\ The encrypted hash value H' is authentication 
information. The secret key SK differs for each digital 
camera, and it is held within the camera. 

The hash value H' encrypted as authentication in- 
formation is sent to the hiding unit 25 in the image proc- 
essor 27. The hiding unit 25 embeds the hash value H' 
into the image region D 2 by operating data in the image 
region D 2 . The embedding can be performed by oper- 
ating data (for instance, pixel values) in the image region 
D 2 in a real space or a frequency space. There are var- 
ious methods for the embedding, and concrete exam- 
ples of them are described later. This is also described 
in detail in Japanese Patent Application No. 8-1 59330 
(our reference No. JA996-044) and Japanese Patent 
Application No. 8-272721 (our reference No. 
JA996-074). 

To embed the hash value H' into the image region 
D 2 , data in that region is operated, and thus the picture 
quality in that portion is rather different from the original 
image. However, since it is almost impossible to visually 
recognise such difference, there is no visual deteriora- 
tion of the picture quality. 

The region combining unit 26 combines the image 
region D 1 in the original image with the image region D 2 
in which the hash value H' is embedded (refer to Figure 
3 (c)). Then, the combined image data D' is stored in the 
memory 28. 

As apparent from the above description, the division 
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of the image region is carried out to identify the region 
for embedding which is not related to the digest calcu- 
lation. If a digest of the whole image is calculated without 
dividing the image region, and the result is embedded, 
s then a new digest of the whole image after the embed- 
ding is not the same as the embedded original digest. 
Accordingly by such method, the detection of the identity 
of the image cannot be performed. Thus, by omitting the 
image region into which the digest is to be embedded 
from the digest calculation, the matching between the 
calculated digest and the embedded digest is ensured. 
In this viewpoint, the original image D, in which only the 
image region D 2 portion is filled in with a single colour 
such as blacker white, may be used as the image region 
D v in this case, a digest of the original image D part of 
which is filled in is calculated, and embedded into the 
image region D 2 . By this, the matching between the di- 
gests can be ensured even after the embedding. 

Further, in the digital camera in this embodiment, 
additional information such as the ID of the camera used 
for the photograph taking, time stamp such as the date 
of photographing, and positional information measured 
by GPS may be embedded into the image region D v In 
this case, it is important that the additional information 
is embedded into the image region D 1 first, and there- 
after the resultant hash value H 1 is embedded into the 
image region D 2 . The reason for this is that, if the hash 
value H* of the image before the embedding of the ad- 
ditional information is embedded into the image region 
D 2 , the hash value will be made different by the subse- 
quent embedding of the additional information and the 
identity cannot be detected. 

In addition, the image region D 2 need not be con- 
centrated to one portion as in the above embodiment, 
but ft may be made to distributfvely exist using a posi- 
tional train generating algorithm, or part of Low Bit may 
be used. 

Now, description is made to a system for performing 
the identity detection of an image photographed by a 
digital camera, using embedded authentication informa- 
tion. A person wanting to detect the identity needs to 
have the following information. It is noted that the au- 
thentication information is integrally embedded in the 
image, and thus need not be saved in the form of a sep- 
arate file. 

(1) Image data fvT 

(2) Public key PK corresponding to a secret key SK 
(separately acquired from a person in authority) 

Figure 4 is a block diagram of the system for detect- 
ing the identity of an image in this embodiment. 

A region identifying unit 41 identifies a image region 
D 1 and an image region D 2 in an image D' in which a 
hash value H' is embedded. The image region D n is a 
region in which data for generating a hash value is 
stored, and the image region D 2 is a region in which the 
hash value H' as the above described authentication in- 
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tions in the original image are as jn (b) of the same fig- 
ure. First, the characteristic values of the two pixel 
blocks are compared, and it is assumed that, as a result, 
the characteristic value of PB, is greater than that of 
PB 2 . If data "1" is hidden in the original, the character- 
istic values of the pixel blocks are not interchanged, be- 
cause the characteristic values of the blocks satisfy the 
condition of data '1 ° in the conversion rule. Since, in the 
data extraction, data "1 " is specified according to the ex- 
traction rule if the characteristic value of PB, is greater, 
data "1 " is extracted. 

On the other hand, if data "0" is hidden in the orig- 
inal, the characteristic values of the pixel blocks are in- 
terchanged, because the relationship between the char- 
acteristic values of the pixel blocks in the original does 
not satisfy the condition of data °0° in the conversion 
rule. However, this interchange cannot be visually rec- 
ognised. For extraction, data "0" is extracted from the 
relationship between the characteristic values of these 
blocks according to the extraction rule. 

As described above, in the PCB, a number of pixel 
blocks enough to hide information to be hidden are se- 
lected from the image. 

Then by making a pallor of one selected pixel block 
and the pixel block adjacent to it, a train of the pairs is 
generated. And bits to be hidden are sequentially hidden 
from the beginning of the train. 

This train may be made to correspond to the state 
sequence S in the first embodiment. For instance, a pix- 
el block is made to correspond to an array element M in 
the medium array M in the first embodiment. A pair is 
made by each array element (state value Sj) of the state 
sequence sequentially generated in a hiding work, and 
the medium array value adjacent to it. Then, the above 
process may be applied to this pair. Further, it is naturally 
possible to make a determination on the basis of the se- 
quence of pseudo-random numbers generated from the 
seed of a certain random number. 

In the extraction, the same block train as that in the 
hiding is scanned. By collecting whether the individual 
pairs represent bit ON or bit OFF on a bit basis according 
to the extraction rule, the whole message is extracted. 
If the characteristic values of the pixel blocks forming a 
pair are the same that pair is skipped as in the hiding. If 
the block train or the method for generating the train is 
made to be secret, the hidden information can be put 
out of a person's sight. 

In addition, in the PBC, the position for embedding 
is preferably determined by considering the picture qual- 
ity and the extraction precision. That is, if the difference 
between the characteristic values of the pixel blocks 
forming the pair to be embedded is too large the picture 
quality can be degraded by the interchange operation. 

To suppress such picture quality degradation, it is 
preferable that a first threshold value (upper limit) is pro- 
vided, and if the difference between the characteristic 
values is larger than the threshold value, no bit is em- 
bedded in that pair. 



Further, if the difference between the characteristic 
values is small, the picture quality degradation due to 
the interchange operation hardly occurs, but, converse- 
ly, the relationship as to which is greater or smaller is 

s reversed by the effect by noise, and it is feared that the 
embedded bit cannot be extracted in the extraction step. 
Accordingly, to suppress the degradation of the extrac- 
tion precision, it is preferable that a second threshold 
value (lower limit) is provided, and if the difference be- 

io tween the characteristic values is smaller than the sec- 
ond threshold value, no bit is embedded in that pair. 

The pairs corresponding to these cases are skipped 
without being subjected to any operation. Then, the bit 
information to be hidden is carried over and hidden with 

15 respect to the next pair. 

As the characteristic value, the value related to the 
primary characteristic and the value related to the sec- 
ondary characteristic of a pixel block can be used. The 
primary characteristic is a direct parameter of a pixel val- 

20 ue such as the brightness or colour degree of the pixel 
block. Further, the secondary characteristic is a value 
showing statistical nature such as a mean value or dis- 
persion of the parameter which is obtained by decom- 
posing the primary characteristic. 

2S Further, the characteristic value may be the calcu- 
lation result between an array made up of a plurality of 
pixel values and a predetermined array mask), or may 
be a particular pixel value obtained by performing a fre- 
quency conversion. In general, the primary characteris- 

30 tic has a strong correlation in two adjacent pixel blocks. 
On the other hand the secondary characteristic can 
have a strong correlation in two spaced blocks which 
are not adjacent to each other. Accordingly, it is noted 
that pixel blocks subjected to the PBC are not always 

35 limited to adjacent blocks. 

As described above, in accordance with the present 
invention, since alternation information is supplied in a 
form in which it is integral with image data, or in a form 
in which it is embedded in an image, the verifier need 

40 not separately store the authentication information. The 
picture quality of image data is not degraded by such 
embedding of the authentication information. 



45 Claims 

1 . A system for embedding authentication inf ormation 
into an image, said system being characterised by: 



so 



ss 



a region dividing unit (24) for dividing the image 
into a first image region and a second image 
region; 

an authentication information generating unit 
(29) for generating 

authentication information from data in said first 
image region; 



6 



11 



EP 0 845 758 A2 



12 



a hiding unit (25) lor embedding said authenti- 
cation information into said second image re- 
gion by operating data in said second image re- 
gion; and 

a region combining unit (26) for combining said 
first image region in said image with said sec- 
ond image region in which said authentication 
information is embedded. 

2. An image alteration detecting system comprising: 

a region identifying unit (24) for identifying a 
first image region and a second image region 
in an image, said second image region includ- 
ing information embedded by operating data; 

an authentication information generating unit 
(29) for generating first authentication informa- 
tion from data in said first image region; 

an extracting unit (43) for extracting second au- 
thentication information from said second im- 
age region; and 

an alteration detecting unit (45) for determining, 
if said first authentication information is the 
same as said second authentication informa- 
tion, that there is no alteration in said image. 

3. A method for embedding authentication information 
into an image, said method being characterised by 
comprising the steps of: 

dividing the image into a first image region and 
a second image region; 

generating authentication information from da- 
ta in said first image region; 

embedding said authentication information into 
said second image region by operating data in 
said second image region; and 

combining said first image region in said image 
with said second image region in which said au- 
thentication information is embedded. 

4. A method for detecting the identity of an image be- 
ing characterised by comprising the steps of: 

identifying a first image region and a second im- 
age region in the image said second image re- 
gion including information embedded by oper- 
ating data in said second image region; 

generating first authentication information from 
data in said first image region; 
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extracting second authentication information 
from said second image region; and 

determining, if said first authentication informa- 
tion is the same as said second authentication 
information, that there is no alteration in said 
image 

A digital camera comprising: 
an optical system (21); 

a converter (22) for converting the light inputted 
through said optical system to an electric signal 
so as to output an analogue signal of an image; 

a signal processing unit (23) for generating a 
digital signal of the image in response to said 
analogue signal charaterised by having; 

a region dividing unit (24) for dividing the image 
into a first image region and a second image 
region in response to said digital signal; 

an authentication information generating unit 
(29) for generating authentication information 
from data in said first image region; 

an encrypting unit (30) for encrypting said au- 
thentication information; 

a hiding unit (25) for embedding the encrypted 
authentication information into said second im- 
age region by operating data in said second im- 
age region; and 

a region combining unit (26) for combining said 
first image region in said image with said sec- 
ond image region in which said authentication 
information is embedded. 

A system as set forth in Claim 1 or 2 or the camera 
of Claim 5 wherein said authentication information 
is either a hash value or a digest of data in said first 
image region. 

A system as set forth in Claim 2 wherein said digest 
is a hash value of data in said first image region. 

A system as set forth in either Claim 1 or 2 further 
comprising an encrypting unit (30) for encrypting 
said authentication information, wherein said hiding 
unit (25) embeds said encrypted authentication in- 
formation into said second image region. 

A system as set forth in Claim 2 wherein said alter- 
ation detecting unit determines (45), if said first au- 
thentication information is not the same as said sec- 



7 



BNSOCCID: <EP_0SA5758A2J_> 



13 



EP 0 845 758 A2 



ond authentication information, that there is altera- 
tion in said image. 

10. A system as set forth in Claim 2 wherein said sec- 
ond authentication information is encrypted infor- 5 
mation, 

said system further comprising a decoding unit 
(44) for decoding said second authentication in- 
formation, 10 

wherein said alteration detecting unit (45) de- 
termines, if said decoded authentication infor- 
mation is the same as said first authentication 
information, that there is no alteration in said is 
image. 
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(54) Embedding authentication information into an image 

(57) A digital camera has means to authentication 
information into a photographed image for detecting the 
identity of the image. The authentication information 
supplied integrally with the image data, so that, the ver- 
ifier can verify the image data without saving the authen- 
tication information. This is achieved by having a region 
dividing unit 24 for dividing the image into a first image 
region and a second image region in response to the 
digital signal, authentication information generating 
means 29 for generating authentication information 
from data in the first image region, encrypting means 30 
for encrypting the authentication information, hiding 
means 25 for embedding the encrypted authentication 
information into the second image region by operating 
the data in the second image region, and region com- 
bining means 26 for combining the first image region in 
the image with the second image region in which the 
authentication information is embedded. 
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